mirror of
https://github.com/RfidResearchGroup/proxmark3.git
synced 2024-11-21 04:50:29 -08:00
da564aed3c
This was broken in commit 17ab86c52
as the forced rounding up of
the size to 4-byte alignment in BigBuf_malloc made the size check
possibly larger than the buffer size as the check was always +3 on
the requested size rather than the rounded size. This was made
worse by BigBuf_max_traceLen not taking into account alignment
either and the alignmentn check in hfsnoop.c checking to 2 byte
alignment instead of 4 byte alignment.
The alignment size check now checks the size after alignment
rounding, and BigBuf_max_traceLen takes into account alignment
losses too reducing the need for BigBuf consumers to have to care
about alignment.
215 lines
6.9 KiB
C
215 lines
6.9 KiB
C
//-----------------------------------------------------------------------------
|
|
// Copyright (C) Proxmark3 contributors. See AUTHORS.md for details.
|
|
//
|
|
// This program is free software: you can redistribute it and/or modify
|
|
// it under the terms of the GNU General Public License as published by
|
|
// the Free Software Foundation, either version 3 of the License, or
|
|
// (at your option) any later version.
|
|
//
|
|
// This program is distributed in the hope that it will be useful,
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
// GNU General Public License for more details.
|
|
//
|
|
// See LICENSE.txt for the text of the license.
|
|
//-----------------------------------------------------------------------------
|
|
// Routines to get sample data from FPGA.
|
|
//-----------------------------------------------------------------------------
|
|
#include "hfsnoop.h"
|
|
#include "proxmark3_arm.h"
|
|
#include "BigBuf.h"
|
|
#include "fpgaloader.h"
|
|
#include "ticks.h"
|
|
#include "dbprint.h"
|
|
#include "util.h"
|
|
#include "fpga.h"
|
|
#include "appmain.h"
|
|
#include "cmd.h"
|
|
|
|
static void RAMFUNC optimizedSniff(uint16_t *dest, uint16_t dsize) {
|
|
while (dsize > 0) {
|
|
if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) {
|
|
*dest = (uint16_t)(AT91C_BASE_SSC->SSC_RHR);
|
|
dest++;
|
|
dsize -= sizeof(dsize);
|
|
}
|
|
}
|
|
}
|
|
|
|
static void RAMFUNC skipSniff(uint8_t *dest, uint16_t dsize, uint8_t skipMode, uint8_t skipRatio) {
|
|
uint32_t accum = (skipMode == HF_SNOOP_SKIP_MIN) ? 0xffffffff : 0;
|
|
uint8_t ratioindx = 0;
|
|
while (dsize > 0) {
|
|
if (AT91C_BASE_SSC->SSC_SR & AT91C_SSC_RXRDY) {
|
|
volatile uint16_t val = (uint16_t)(AT91C_BASE_SSC->SSC_RHR);
|
|
switch (skipMode) {
|
|
case HF_SNOOP_SKIP_MAX:
|
|
if (accum < (val & 0xff))
|
|
accum = val & 0xff;
|
|
if (accum < (val >> 8))
|
|
accum = val >> 8;
|
|
break;
|
|
case HF_SNOOP_SKIP_MIN:
|
|
if (accum > (val & 0xff))
|
|
accum = val & 0xff;
|
|
if (accum > (val >> 8))
|
|
accum = val >> 8;
|
|
break;
|
|
case HF_SNOOP_SKIP_AVG:
|
|
accum += (val & 0xff) + (val & 0xff);
|
|
break;
|
|
default: { // HF_SNOOP_SKIP_DROP and the rest
|
|
if (ratioindx == 0)
|
|
accum = val & 0xff;
|
|
}
|
|
}
|
|
|
|
ratioindx++;
|
|
if (ratioindx >= skipRatio) {
|
|
if (skipMode == HF_SNOOP_SKIP_AVG && skipRatio > 0) {
|
|
accum = accum / (skipRatio * 2);
|
|
if (accum <= 0xff)
|
|
*dest = accum;
|
|
else
|
|
*dest = 0xff;
|
|
} else {
|
|
*dest = accum;
|
|
}
|
|
|
|
dest++;
|
|
dsize --;
|
|
accum = (skipMode == HF_SNOOP_SKIP_MIN) ? 0xffffffff : 0;
|
|
ratioindx = 0;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
int HfSniff(uint32_t samplesToSkip, uint32_t triggersToSkip, uint16_t *len, uint8_t skipMode, uint8_t skipRatio) {
|
|
BigBuf_free();
|
|
BigBuf_Clear_ext(false);
|
|
|
|
Dbprintf("Skipping first %d sample pairs, Skipping %d triggers", samplesToSkip, triggersToSkip);
|
|
|
|
LED_D_ON();
|
|
|
|
FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
|
|
|
|
SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
|
|
|
|
// Set up the synchronous serial port
|
|
FpgaSetupSsc(FPGA_MAJOR_MODE_HF_SNIFF);
|
|
|
|
// Setting Frame Mode For better performance on high speed data transfer.
|
|
AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(16);
|
|
|
|
FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_SNIFF);
|
|
SpinDelay(100);
|
|
|
|
*len = BigBuf_max_traceLen();
|
|
uint8_t *mem = BigBuf_malloc(*len);
|
|
|
|
uint32_t trigger_cnt = 0;
|
|
uint16_t r = 0, interval = 0;
|
|
|
|
bool pressed = false;
|
|
while (pressed == false) {
|
|
WDT_HIT();
|
|
|
|
// cancel w usb command.
|
|
if (interval == 2000) {
|
|
if (data_available())
|
|
break;
|
|
|
|
interval = 0;
|
|
} else {
|
|
interval++;
|
|
}
|
|
|
|
// check if trigger is reached
|
|
if (AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
|
|
r = (uint16_t)AT91C_BASE_SSC->SSC_RHR;
|
|
|
|
r = MAX(r & 0xFF, r >> 8);
|
|
|
|
// 180 (0xB4) arbitrary value to see if a strong RF field is near.
|
|
if (r > 180) {
|
|
|
|
if (++trigger_cnt > triggersToSkip) {
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
|
|
pressed = BUTTON_PRESS();
|
|
}
|
|
|
|
if (pressed == false) {
|
|
|
|
// skip samples loop
|
|
while (samplesToSkip != 0) {
|
|
|
|
if (AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_RXRDY)) {
|
|
samplesToSkip--;
|
|
}
|
|
}
|
|
|
|
if (skipMode == 0)
|
|
optimizedSniff((uint16_t *)mem, *len);
|
|
else
|
|
skipSniff(mem, *len, skipMode, skipRatio);
|
|
|
|
if (g_dbglevel >= DBG_INFO) {
|
|
Dbprintf("Trigger kicked in (%d >= 180)", r);
|
|
Dbprintf("Collected %u samples", *len);
|
|
}
|
|
}
|
|
|
|
//Resetting Frame mode (First set in fpgaloader.c)
|
|
AT91C_BASE_SSC->SSC_RFMR = SSC_FRAME_MODE_BITS_IN_WORD(8) | AT91C_SSC_MSBF | SSC_FRAME_MODE_WORDS_PER_TRANSFER(0);
|
|
LED_D_OFF();
|
|
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
|
|
BigBuf_free();
|
|
return (pressed) ? PM3_EOPABORTED : PM3_SUCCESS;
|
|
}
|
|
|
|
void HfPlotDownload(void) {
|
|
|
|
tosend_t *ts = get_tosend();
|
|
uint8_t *this_buf = ts->buf;
|
|
|
|
FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
|
|
|
|
FpgaSetupSsc(FPGA_MAJOR_MODE_HF_GET_TRACE);
|
|
|
|
AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTDIS; // Disable DMA Transfer
|
|
AT91C_BASE_PDC_SSC->PDC_RPR = (uint32_t) this_buf; // start transfer to this memory address
|
|
AT91C_BASE_PDC_SSC->PDC_RCR = PM3_CMD_DATA_SIZE; // transfer this many samples
|
|
ts->buf[0] = (uint8_t)AT91C_BASE_SSC->SSC_RHR; // clear receive register
|
|
AT91C_BASE_PDC_SSC->PDC_PTCR = AT91C_PDC_RXTEN; // Start DMA transfer
|
|
|
|
FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_GET_TRACE); // let FPGA transfer its internal Block-RAM
|
|
|
|
LED_B_ON();
|
|
for (size_t i = 0; i < FPGA_TRACE_SIZE; i += PM3_CMD_DATA_SIZE) {
|
|
// prepare next DMA transfer:
|
|
uint8_t *next_buf = ts->buf + ((i + PM3_CMD_DATA_SIZE) % (2 * PM3_CMD_DATA_SIZE));
|
|
|
|
AT91C_BASE_PDC_SSC->PDC_RNPR = (uint32_t)next_buf;
|
|
AT91C_BASE_PDC_SSC->PDC_RNCR = PM3_CMD_DATA_SIZE;
|
|
|
|
size_t len = MIN(FPGA_TRACE_SIZE - i, PM3_CMD_DATA_SIZE);
|
|
|
|
while (!(AT91C_BASE_SSC->SSC_SR & (AT91C_SSC_ENDRX))) {}; // wait for DMA transfer to complete
|
|
|
|
reply_old(CMD_FPGAMEM_DOWNLOADED, i, len, FPGA_TRACE_SIZE, this_buf, len);
|
|
this_buf = next_buf;
|
|
}
|
|
|
|
FpgaWriteConfWord(FPGA_MAJOR_MODE_OFF);
|
|
|
|
// Trigger a finish downloading signal with an ACK frame
|
|
reply_ng(CMD_FPGAMEM_DOWNLOAD, PM3_SUCCESS, NULL, 0);
|
|
LED_B_OFF();
|
|
}
|